
Internal OAuth2 service

Open haf opened this issue 6 years ago • 5 comments

When developing, I have an internal OAuth2 service; however, this lib assumes the public (redirectable) OIDC/OAuth2 tokenURL URI is resolvable when fetching the access token from the authorization code.

It should be possible to specify different public/internal HTTP endpoints.

haf avatar Aug 30 '19 16:08 haf

You can specify any URL you want using options.authorizationURL and options.tokenURL. Is that not sufficient?

jaredhanson avatar Aug 30 '19 17:08 jaredhanson

I tried doing that, which leads to other internal errors without all details, and I don't know how to get at the actual error contents, so I can't debug it 😞🐼. The status code is 500... Perhaps it's a DNS resolution error server-side that is causing it. I've cloned the repo and am introducing logging throughout to see what the actual error is.

haf avatar Aug 30 '19 18:08 haf

You should be able to put log statements here: https://github.com/jaredhanson/passport-oauth2/blob/master/lib/strategy.js#L402

to get at the original error. That should help identify any DNS or other related issues. Please post here any details you find.

jaredhanson avatar Aug 30 '19 19:08 jaredhanson

It was initially a DNS issue resolving to 127.0.0.1 and then when changing the token uri, I get this:

 getOAuthAccessToken callback err= { statusCode: 502,
   data:
    '{"error":"error","error_description":"The error is unrecognizable.","status_code":500,             "error_debug":"can not serve request over insecure http","request_id":""}\n' }
 _createOAuthError message= Failed to obtain access token err= { statusCode: 502,
   data:
    '{"error":"error","error_description":"The error is unrecognizable.","status_code":500,             "error_debug":"can not serve request over insecure http","request_id":""}\n' }
 GET /accounts/oauth2/c/site 500 148 30.014ms b8090a5f8ec8b415d76c3412b216752a -
 TokenError: The error is unrecognizable.
     at OAuth2Strategy.parseErrorResponse (/app/dist/lib/passport-oauth2/strategy.js:241:16)
     at OAuth2Strategy._createOAuthError (/app/dist/lib/passport-oauth2/strategy.js:277:22)
     at /app/dist/lib/passport-oauth2/strategy.js:94:44
     at /app/node_modules/oauth/lib/oauth2.js:191:18
     at passBackControl (/app/node_modules/oauth/lib/oauth2.js:132:9)
     at IncomingMessage.<anonymous> (/app/node_modules/oauth/lib/oauth2.js:157:7)
     at IncomingMessage.emit (events.js:198:15)
     at endReadableNT (_stream_readable.js:1139:12)
     at processTicksAndRejections (internal/process/task_queues.js:81:17)

Which logs TokenError: The error is unrecognizable. with the error logging code present in this library.

The solution in this case is to fake HTTPS between k8s pods: { 'X-Forwarded-Proto': 'https' } needs to be added as headers... Now if I can find the fetch statement?

haf avatar Aug 30 '19 20:08 haf

https://github.com/jaredhanson/passport-oauth2/pull/93/files#diff-04c6e90faac2675aa89e2176d2eec7d8R105 would have helped to debug this

haf avatar Aug 30 '19 20:08 haf
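The setup discussed in this thread, as an added example that is not part of the thread or of passport-oauth2's own code: a public `authorizationURL` for the browser redirect, an internal `tokenURL` for the server-side code exchange, and the `X-Forwarded-Proto` header supplied through the strategy's `customHeaders` option. The host names, the `/oauth2/auth` and `/oauth2/token` paths, the `.svc.cluster.local` allowlist and the `buildStrategyOptions` helper are assumptions made for illustration.

```javascript
// Added example: split public/internal endpoints for passport-oauth2.
// Host names, paths and the allowlist suffix are constructed placeholders.
const INTERNAL_SUFFIXES = ['.svc.cluster.local']; // assumption: k8s service DNS

function isInternalHost(hostname) {
  return INTERNAL_SUFFIXES.some((suffix) => hostname.endsWith(suffix));
}

// Returns an options object for `new OAuth2Strategy(options, verify)`.
function buildStrategyOptions({ publicBase, internalBase, clientID, clientSecret, callbackURL }) {
  const authorizationURL = new URL('/oauth2/auth', publicBase);
  const tokenURL = new URL('/oauth2/token', internalBase);

  // The browser is redirected here, so it must be the public HTTPS endpoint.
  if (authorizationURL.protocol !== 'https:') {
    throw new Error('authorizationURL must use https');
  }

  const customHeaders = {};
  if (tokenURL.protocol === 'http:') {
    // The authorization code and client secret cross this hop in cleartext:
    // accept that only for cluster-internal names, never for an arbitrary host.
    if (!isInternalHost(tokenURL.hostname)) {
      throw new Error(`refusing plain-http tokenURL for ${tokenURL.hostname}`);
    }
    // The header from the thread: tells the provider TLS was handled upstream.
    customHeaders['X-Forwarded-Proto'] = 'https';
  } else if (tokenURL.protocol !== 'https:') {
    throw new Error('tokenURL must use http or https');
  }

  return {
    authorizationURL: authorizationURL.href,
    tokenURL: tokenURL.href,
    clientID,
    clientSecret,
    callbackURL,
    customHeaders,
  };
}

// Usage (requires the passport and passport-oauth2 packages):
//   const OAuth2Strategy = require('passport-oauth2');
//   passport.use(new OAuth2Strategy(buildStrategyOptions({ /* ... */ }), verify));
```

The header only has an effect if the provider is configured to honour `X-Forwarded-Proto` from the pod network it is reached on.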